What is claimed is: 



CLAIMS 



1 1 . A method of providing access to services across a computer network, comprising the 

2 step of: 

3 generating an access request, said access request including a network device 

4 description and a plurality of service requests indicative of computer services 

5 for which the network device requests provisioning; and 

6 forwarding said access request for authentication and authorization. 

12. A method according to Claim 1 in which the access request is a RADIUS packet, the 

2 service requests being defined by information contained within Vendor-Specific Attribute 

3 (VSA) blocks in the said packet. 

1 3. A method according to Claim 2 in which each said block contains a device-type 

2 identifier and a service-request identifier. 

1 4. A method according to Claim 2 in which the packet is a RADIUS -compliant 

2 authentication request packet. 

1 5. A method according to Claim 1 in which the device description includes one or more 

2 of device vendor, device type, device version, physical location. 

1 6. A method according to Claim 1 in which the service requests include a request for a 

2 particular service level. 

1 7. A method according to Claim 1 in which a policy is applied to the access request to 

2 determine whether access will be allowed, and if so for what services. 
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1 8. A method according to Claim 1 in which a network resources are provisioned in 

2 dependence upon the access request. 

19. A method according to Claim 1 in which the steps of receiving and applying are 

2 performed by an access-control server or an Authentication, Authorization and Audit (AAA) 

3 server. 

1 10. A method according to Claim 9 in which the access-control server uses the access 

2 request to select among multiple services that are specified for a particular device. 

1 11. A network device arranged to provide access to services across a computer network, 

2 comprising: 

3 means for generating an access request, said access request including a network 

4 device description and a plurality of service requests indicative of computer 

5 services for which the network device requests provisioning; and 

6 means for forwarding said access request for authentication and authorization. 

1 12. A network device according to Claim 1 1 including means to generate RADIUS- 

2 compliant packets, the service requests being defined by information contained within 

3 Vendor-Specific Attribute (VSA) blocks in this said packet. 

1 13. A network device, comprising: 

2 a network interface capable of being coupled to a computer network and for sending 

3 to the network access requests, and a processor having one or more stored 

4 sequences of instructions which, when executed, cause the processor to 

5 perform the steps of: 
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generating an access request for forwarding via the network interface, said access 
request including a network device description and a plurality of service 
requests indicative of computer services for which the network device 
requests provisioning; and 



7 



8 



9 



10 



forwarding said access request for authentication and authorization.. 



1 14. A network device according to Claim 13 in which the access request is received as a 

2 RADIUS packet, the service requests being defined by information contained within Vendor- 

3 Specific Attribute (VS A) blocks in this said packet. 

1 15. A network device according to Claim 14 in which each said block contains a device- 

2 type identifier and a service-request identifier. 

1 16. A network device according to Claim 14 in which the packet is a RADIUS-compliant 

2 authentication request packet. 

1 17. A network device according to Claim 13 in which the device description includes one 

2 or more of device vendor, device type, device version, physical location. 

1 18. A network device according to Claim 1 3 in which the service requests include a 

2 request for a particular service level. 

1 19. A computer system comprising 

2 an access-control server for controlling access to resources on the network when 

3 requested by network devices, the access-control server being arranged: 

4 (a) to receive an access request from a network device, said access request 

5 including a network device description and a plurality of service requests 

6 indicative of computer services for which the network device requests 

7 provisioning; and 
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(b) to apply a policy to the access request to determine whether access will be 
allowed, and if so for what services. 



1 20. A computer system according to Claim 19 in which the access control server instructs 

2 the provisioning of network resources in dependence upon the access request. 

1 21 . A computer system according to Claim 1 9 in which the access-control server is an 

2 Authentication, Authorization and Audit (AAA) server. 

1 22. A computer system according to Claim 19 in which the access-control server uses the 

2 access request to select among multiple services that are specified for a particular device. 

1 23. A computer-readable medium carrying a sequence of instructions which, when 

2 executed by one or more processors, causes said processor or processors to perform the steps 

3 of: 

4 generating an access request for access to resources on a computer network, said 

5 access request including a network device description and a plurality of 

6 service requests indicative of computer services for which the network device 

7 requests provisioning; and 

8 forwarding said access request for authentication and authorization.. 

1 24. A computer-readable medium according to Claim 23 further including instructions for 

2 generating a RADIUS packet, the service requests being defined by information contained 

3 within Vendor-Specific Attribute (VSA) blocks in said packet. 

1 25. A computer-readable medium according to Claim 24 further including instructions for 

2 creating within each said block a device-type identifier and a service-request identifier. 

1 26. A computer-readable medium according to Claim 24 in which the generated packet is 

2 a RADIUS-compliant authentication request packet. 
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1 27. A computer-readable medium according to Claim 23, in which the device description 

2 includes one or more of device vendor, device type, device version, physical location. 

1 28. A computer-readable medium according to Claim 23, in which service requests 

2 include a request for a particular service level 

1 29. A network device as claimed in claim 1 1 or claim 13 comprising a network access 

2 device which controls end-user device access to a network, and which requests services on 

3 behalf of one or more said end-user devices. 

1 30. A network device as claimed in claim 1 1 or claim 13 in which said device requests 

2 services for its own use. 
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